Method and system for linking certificates to signed files

A technology relating to digital certificates and signed files, applied in the field of network computing security, that addresses problems such as difficult inspection, digital certificates that are lost or accidentally or even intentionally removed, and methods that are not compatible with standard file formats such as image, video, audio or executable files.

Inactive Publication Date: 2007-07-19
KYNDRYL INC

AI Technical Summary

Benefits of technology

[0038] It is another object of the invention to provide a method and systems adapted for enabling a recipient to check whether or not a received file is a signed file, before opening said file.

Problems solved by technology

However, if documents are later passed on or moved to new recipients, associated digital certificates can be lost, accidentally removed, or even intentionally removed on the way in an attempt to cheat.
If the document is later passed on or moved, it may be difficult to check again, since the certificate, or the certificate address, could be lost.
Furthermore, the method is not compatible with standard file formats such as image, video, audio or executable files that cannot be recognized prior to authentication.
Thus, there are security problems related to the methods described above for verifying the authenticity of received or accessed files by the recipient: when certificates are sent as separate files, the associated digital certificates could be lost if the signed files are later passed on or moved to new recipients.
In such case, it is impossible to verify these signed files.
Likewise, it is impossible to determine whether or not the certificate is valid i.e., if it has been issued by a CA, if it has not been revoked, and if the certificate date is valid.
If a certificate becomes compromised, the certificate authority can later revoke the certificate, thus rendering invalid all files signed after the signature's revocation date.
A certificate could become compromised if an unauthorized third-party obtained the private key associated with the certificate.
With the private key, an unauthorized person could essentially forge a signature.



Examples


Embodiment Construction

[0057] According to the invention, the filename of a file that is accessed locally or through a computer network is used to encode the address, or URL, from which the certificate that can be used to check the integrity and to verify the signature of the file can be accessed. A lexicography is determined so as to avoid particular characters that may be forbidden by the file system, e.g., “\” with the Microsoft Windows system (Windows is a Trademark of Microsoft Corporation), and/or to encode the addresses so as to reduce their sizes. Addresses to be encoded may be of any form, e.g., local addresses, addresses in private networks or Internet addresses; however, for the sake of illustration, the examples given in the following description are based on URL-type addresses. The address from which the certificate can be accessed can be encoded either when the file is transmitted from a server to the user system or when it is locally saved or transmitted to another system.

[0058]FIG. 1 illustrat...


Abstract

A method for processing a file having an existing filename. A private key associated with a digital certificate and a certificate address from which the digital certificate may be accessed are received from a certification authority (CA) who issued the digital certificate. A digital signature is generated based on the file and the received private key. The digital certificate includes a public key associated with the private key such that the generated digital signature can be verified through use of the public key. The file is signed with the generated digital signature. The received certificate address is encoded to generate an encoded address. The existing filename and the encoded address are merged to generate a new filename. The file is renamed with the new filename. The renamed file may be authenticated by verifying the digital signature via execution of an authentication algorithm in conjunction with the public key.
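The encode, merge and recover steps described in paragraph [0057] and in the abstract, as an added Python example that is not code from the patent. The `_hh` lexicography, the parenthesised tag, the HTTPS-only policy and the `ca.example` address are all assumptions made for illustration; the page does not give the patent's own mapping.

```python
import os
import re
from urllib.parse import urlsplit

# Assumed lexicography (the page does not give the patent's own mapping):
# bytes outside [A-Za-z0-9-] become "_hh", so the tag never contains "\",
# "/", ":", ".", "(" or ")" and always survives as a legal filename part.
_TAG = re.compile(r"^(.*)\(((?:[A-Za-z0-9-]|_[0-9a-f]{2})+)\)$")
ALLOWED_SCHEMES = {"https"}  # assumed recipient policy


def encode_address(address: str) -> str:
    return "".join(
        chr(b) if re.match(r"[A-Za-z0-9-]", chr(b)) else "_%02x" % b
        for b in address.encode("utf-8")
    )


def decode_address(encoded: str) -> str:
    raw = re.sub(rb"_([0-9a-f]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 encoded.encode("ascii"))
    return raw.decode("utf-8")


def merge_filename(filename: str, cert_address: str) -> str:
    """Build the new filename: stem + "(" + encoded address + ")" + extension."""
    stem, ext = os.path.splitext(filename)
    return f"{stem}({encode_address(cert_address)}){ext}"


def split_filename(filename: str):
    """Return (original filename, certificate address or None)."""
    stem, ext = os.path.splitext(filename)
    m = _TAG.match(stem)
    if not m:
        return filename, None
    address = decode_address(m.group(2))
    scheme = urlsplit(address).scheme
    if not scheme:  # e.g. "photo(1).jpg": parentheses, but no address inside
        return filename, None
    if scheme not in ALLOWED_SCHEMES:
        # The filename is not covered by the signature; reject other schemes.
        raise ValueError(f"refusing certificate address scheme {scheme!r}")
    return m.group(1) + ext, address


if __name__ == "__main__":
    url = "https://ca.example/certs/1234.cer"  # constructed sample address
    name = merge_filename("report.pdf", url)
    print(name, split_filename(name))
```

Because anyone who handles the file can rename it, the recovered address only tells the recipient where to look; the fetched certificate still has to pass chain and revocation checks before the signature is trusted.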

Description

COPYRIGHT NOTICE

[0001] A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent disclosure, as it appears in the National Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.

FIELD OF THE INVENTION

[0002] The present invention relates generally to network computing security and more specifically to a method and systems for linking a digital certificate to a digitally signed file that can be accessed through a network so as to provide information relative to the signer identity and the validity of the signature that can be used before opening the file.

BACKGROUND OF THE INVENTION

[0003] To improve data transmission security over computer networks and to prevent digital forgery, a digital signature is commonly used to authenticate a file i.e., to check file integrity and to authenticate...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L9/00, G06F21/64
CPC: G06F21/645, G06F17/00, G06F21/00
Inventor: CARRO, FERNANDO INCERTIS
Owner: KYNDRYL INC